Download Options

Contents

Introduction

This document describes how to resolve a Cisco AnyConnect Secure Mobility Client connection error if you deploy Hostscan on Linux.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

Cisco AnyConnect

Cisco Secure Desktop (CSD)

Linux

Components Used

The information in this document affects Linux users who run CSD Hostscan.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Problem

When a Linux user runs Cisco Anyconnect in conjunction with CSD Hostscan, an error message appears that indicates the Posture Assessment Failed with a Hostscan Initialize error:

In the libcsd.log file, an error message indicates that the certificate used in order to sign the CSD Hostscan binary has expired:

Note: Mac and Windows users are not affected by this issue. This is because the Mac and Windows client code verifies that the certificate used for signing is valid at the time of code signing, whereas the Linux client code checks if the certificate used for signing is currently valid.

Solution

Since the problem is caused by the date on which the certificate was signed, you can change the system clock in order to allow the user to connect; however, this is not a fix.

Cisco bug ID CSCue49663 (registered customers only) was filed in order to resolve this problem. In order to get the fix, upgrade to AnyConnect Version 3.1.02043, or upgrade only the Hostscan Engine package to Version 3.0.11046, as shown here: